mirror of
https://github.com/rustfs/rustfs.git
synced 2026-01-17 01:30:33 +00:00
29c004d935
* Initial plan * feat: implement console service separation from endpoint Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * feat: add console separation documentation and tests Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * feat: enhance console separation with configurable CORS and improved Docker support Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * feat: implement enhanced console separation with security hardening and monitoring Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * refactor: implement console TLS following endpoint logic and improve configuration Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * add tower-http feature "timeout|limit" * add dependencies crates `axum-server` * refactor: reconstruct console server with enhanced tower-http features and environment variables Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * upgrade dep * improve code for dns and console port `:9001` * improve code * fix * docs: comprehensive improvement of console separation documentation and Docker deployment standards Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * fmt * add logs * improve code for Config handler * remove logs * fix --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> Co-authored-by: houseme <housemecn@gmail.com>
224 lines
6.2 KiB
YAML
224 lines
6.2 KiB
YAML
# RustFS Comprehensive Docker Deployment Examples
|
|
# This file demonstrates various deployment scenarios for RustFS with console separation
|
|
|
|
version: "3.8"
|
|
|
|
services:
|
|
# Basic deployment with default settings
|
|
rustfs-basic:
|
|
image: rustfs/rustfs:latest
|
|
container_name: rustfs-basic
|
|
ports:
|
|
- "9000:9000" # API endpoint
|
|
- "9001:9001" # Console interface
|
|
environment:
|
|
- RUSTFS_ADDRESS=0.0.0.0:9000
|
|
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
|
|
- RUSTFS_EXTERNAL_ADDRESS=:9000
|
|
- RUSTFS_CORS_ALLOWED_ORIGINS=http://localhost:9001
|
|
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
|
|
- RUSTFS_ACCESS_KEY=admin
|
|
- RUSTFS_SECRET_KEY=password
|
|
volumes:
|
|
- rustfs-basic-data:/data
|
|
networks:
|
|
- rustfs-network
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
profiles:
|
|
- basic
|
|
|
|
# Development environment with debug logging
|
|
rustfs-dev:
|
|
image: rustfs/rustfs:latest
|
|
container_name: rustfs-dev
|
|
ports:
|
|
- "9010:9000" # API endpoint
|
|
- "9011:9001" # Console interface
|
|
environment:
|
|
- RUSTFS_ADDRESS=0.0.0.0:9000
|
|
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
|
|
- RUSTFS_EXTERNAL_ADDRESS=:9010
|
|
- RUSTFS_CORS_ALLOWED_ORIGINS=*
|
|
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
|
|
- RUSTFS_ACCESS_KEY=dev-admin
|
|
- RUSTFS_SECRET_KEY=dev-password
|
|
- RUST_LOG=debug
|
|
- RUSTFS_LOG_LEVEL=debug
|
|
volumes:
|
|
- rustfs-dev-data:/data
|
|
- rustfs-dev-logs:/logs
|
|
networks:
|
|
- rustfs-network
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
profiles:
|
|
- dev
|
|
|
|
# Production environment with security hardening
|
|
rustfs-production:
|
|
image: rustfs/rustfs:latest
|
|
container_name: rustfs-production
|
|
ports:
|
|
- "9020:9000" # API endpoint (public)
|
|
- "127.0.0.1:9021:9001" # Console (localhost only)
|
|
environment:
|
|
- RUSTFS_ADDRESS=0.0.0.0:9000
|
|
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
|
|
- RUSTFS_EXTERNAL_ADDRESS=:9020
|
|
- RUSTFS_CORS_ALLOWED_ORIGINS=https://myapp.com,https://api.myapp.com
|
|
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=https://admin.myapp.com
|
|
- RUSTFS_CONSOLE_RATE_LIMIT_ENABLE=true
|
|
- RUSTFS_CONSOLE_RATE_LIMIT_RPM=60
|
|
- RUSTFS_CONSOLE_AUTH_TIMEOUT=1800
|
|
- RUSTFS_ACCESS_KEY_FILE=/run/secrets/rustfs_access_key
|
|
- RUSTFS_SECRET_KEY_FILE=/run/secrets/rustfs_secret_key
|
|
volumes:
|
|
- rustfs-production-data:/data
|
|
- rustfs-production-logs:/logs
|
|
- rustfs-certs:/certs:ro
|
|
networks:
|
|
- rustfs-network
|
|
secrets:
|
|
- rustfs_access_key
|
|
- rustfs_secret_key
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
profiles:
|
|
- production
|
|
|
|
# Enterprise deployment with TLS and full security
|
|
rustfs-enterprise:
|
|
image: rustfs/rustfs:latest
|
|
container_name: rustfs-enterprise
|
|
ports:
|
|
- "9030:9000" # API endpoint
|
|
- "127.0.0.1:9443:9001" # Console with TLS (localhost only)
|
|
environment:
|
|
- RUSTFS_ADDRESS=0.0.0.0:9000
|
|
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
|
|
- RUSTFS_EXTERNAL_ADDRESS=:9030
|
|
- RUSTFS_TLS_PATH=/certs
|
|
- RUSTFS_CORS_ALLOWED_ORIGINS=https://enterprise.com
|
|
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=https://admin.enterprise.com
|
|
- RUSTFS_CONSOLE_RATE_LIMIT_ENABLE=true
|
|
- RUSTFS_CONSOLE_RATE_LIMIT_RPM=30
|
|
- RUSTFS_CONSOLE_AUTH_TIMEOUT=900
|
|
volumes:
|
|
- rustfs-enterprise-data:/data
|
|
- rustfs-enterprise-logs:/logs
|
|
- rustfs-enterprise-certs:/certs:ro
|
|
networks:
|
|
- rustfs-secure-network
|
|
secrets:
|
|
- rustfs_enterprise_access_key
|
|
- rustfs_enterprise_secret_key
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -k -f https://localhost:9001/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
profiles:
|
|
- enterprise
|
|
|
|
# API-only deployment (console disabled)
|
|
rustfs-api-only:
|
|
image: rustfs/rustfs:latest
|
|
container_name: rustfs-api-only
|
|
ports:
|
|
- "9040:9000" # API endpoint only
|
|
environment:
|
|
- RUSTFS_ADDRESS=0.0.0.0:9000
|
|
- RUSTFS_CONSOLE_ENABLE=false
|
|
- RUSTFS_CORS_ALLOWED_ORIGINS=https://client-app.com
|
|
- RUSTFS_ACCESS_KEY=api-only-key
|
|
- RUSTFS_SECRET_KEY=api-only-secret
|
|
volumes:
|
|
- rustfs-api-data:/data
|
|
networks:
|
|
- rustfs-network
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:9000/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
profiles:
|
|
- api-only
|
|
|
|
# Nginx reverse proxy for production
|
|
nginx-proxy:
|
|
image: nginx:alpine
|
|
container_name: rustfs-nginx
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
|
- ./nginx/ssl:/etc/nginx/ssl:ro
|
|
networks:
|
|
- rustfs-network
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- rustfs-production
|
|
profiles:
|
|
- production
|
|
- enterprise
|
|
|
|
networks:
|
|
rustfs-network:
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 172.20.0.0/16
|
|
rustfs-secure-network:
|
|
driver: bridge
|
|
internal: true
|
|
ipam:
|
|
config:
|
|
- subnet: 172.21.0.0/16
|
|
|
|
volumes:
|
|
rustfs-basic-data:
|
|
driver: local
|
|
rustfs-dev-data:
|
|
driver: local
|
|
rustfs-dev-logs:
|
|
driver: local
|
|
rustfs-production-data:
|
|
driver: local
|
|
rustfs-production-logs:
|
|
driver: local
|
|
rustfs-enterprise-data:
|
|
driver: local
|
|
rustfs-enterprise-logs:
|
|
driver: local
|
|
rustfs-enterprise-certs:
|
|
driver: local
|
|
rustfs-api-data:
|
|
driver: local
|
|
rustfs-certs:
|
|
driver: local
|
|
|
|
secrets:
|
|
rustfs_access_key:
|
|
external: true
|
|
rustfs_secret_key:
|
|
external: true
|
|
rustfs_enterprise_access_key:
|
|
external: true
|
|
rustfs_enterprise_secret_key:
|
|
external: true |